Added module key_pairs #1

Open
wants to merge 3 commits into
base: master

nascimento

Proposal to create key pairs automatically.

@GlennChia
Owner

Hi Vitor, good suggestion to create keys automatically.

These are some possible things we may want to consider:

  1. Some of the other resources like GitLab and Gitaly currently reference the key via a variable which supplies the name. If we create the keys automatically, these resources may have to depend on the key creation before proceeding to avoid errors in resource creation.
  2. Could we add a condition to give users an option for whether they want to use their existing keys (what was done previously) or create the keys via the module (the change proposed)? Perhaps a condition to create the module based on a variable would be good.
  3. There could be an issue where users want to use the same key for all instances (this is not good security practice but is convenient for a small hobby project). In this case, if we create the keys in a module this way and they share a similar name, it will produce an error.

Do let me know your thoughts, and it's cool to meet someone who is interested in automating the GitLab installation on AWS too!

@nascimento
Author

Hi Glenn,

  1. If you keep the key_pairs module at the top of the main.tf file, it will not happen. Anyway, depends_on could be an alternative solution, right?
  2. Yes, an option to choose between creating automatically or not is a good idea.
  3. I think it's not good practice, so maybe we do not need an option for this. That said, if a small project wants to use the same key for all resources, they could create their own call to the module, passing a hardcoded key name. But I think the code or module doesn't need to provide this option.

What do you think?

@GlennChia
Owner

Hi Vitor, these are my thoughts

  1. The dependencies can be solved if the other modules reference the key pair attributes from the key pair module like module.key_pair.<key_pair_attribute>. This way it will create the key pairs first. However, if we have an option to create the key_pairs or bring your own key_pair, then this dependency could throw an error if users bring their own key_pair and there is still the dependency module.key_pair.<key_pair_attribute> in the other modules. One workaround is to use the same condition that created the key_pair to either refer to module.key_pair.<key_pair_attribute> or var.key_pair_name.

  2. Yes, we should definitely include that condition

  3. Yup, agreed it is not best practice and if we want to enforce the use of different keys, it is ok.
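
The create-or-bring-your-own condition discussed in this thread, as an added sketch that is not part of the pull request or of either participant's comments. It places the condition in the module's output rather than in each consuming module, so consumers always reference `module.key_pair.key_name`; the module path, variable names and output names are assumptions.

```hcl
# Hypothetical file: modules/key_pair/main.tf (all names are assumptions)

variable "create_key_pair" {
  type        = bool
  default     = true
  description = "true: generate and register a key pair; false: use an existing one."
}

variable "key_pair_name" {
  type        = string
  description = "Name of the key pair to create, or of the existing key pair to use."
}

# Created only when create_key_pair is true.
# The tls provider keeps the generated private key in Terraform state,
# so the state backend needs encryption and restricted access.
resource "tls_private_key" "generated" {
  count     = var.create_key_pair ? 1 : 0
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "generated" {
  count      = var.create_key_pair ? 1 : 0
  key_name   = var.key_pair_name
  public_key = tls_private_key.generated[0].public_key_openssh
}

# Single output for both modes. In create mode it refers to the resource, so
# anything that reads it waits for the key pair; in bring-your-own mode it
# passes the supplied name through and no resource is referenced.
output "key_name" {
  value = var.create_key_pair ? one(aws_key_pair.generated[*].key_name) : var.key_pair_name
}

# null in bring-your-own mode; marked sensitive so it is not printed in plans.
output "private_key_pem" {
  value     = one(tls_private_key.generated[*].private_key_pem)
  sensitive = true
}

# Caller side (root main.tf, hypothetical): instantiate the module once per
# distinct key name, and pass module.key_pair.key_name to the modules that
# launch instances instead of var.key_pair_name.
```

Instantiating the module twice with the same `key_pair_name` in create mode still fails at apply time, because the key pair name already exists in the region, which is the naming collision raised in point 3.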
